An e-payment Architecture Ensuring a High Level of Privacy Protection

Online shopping is becoming more and more attractive to clients because of its ease of use and the large choice of products. As a consequence, 2.3 billion online clients were identified in 2011. This rapid increase has been accompanied by various frauds, including stolen smart cards and fraudulent repudiation. Several e-payment systems have been proposed to reduce these security threats, and the 3D-Secure protocol is becoming a standard for payment on the Internet. Nevertheless, this protocol has not been studied in depth, particularly in terms of privacy. This paper proposes a detailed description and an analysis of the 3D-Secure protocol through a new privacy-oriented model for e-payment architectures. Some improvements to the 3D-Secure protocol, concerning the protection of banking information, are also presented. The article then presents and analyses a new online payment architecture centered on the privacy of individuals.
